@agent-native/core 0.49.22 → 0.49.24

package/dist/mcp/build-server.d.ts

@@ -74,20 +74,22 @@ export interface MCPConfig {
      * Curated allow-list of action names served to **external connector** clients
      * on a hosted multi-tenant deployment.
      *
-     * When `AGENT_NATIVE_CONNECTOR_CATALOG=1` is set and this list is non-empty,
-     * the MCP server trims both the advertised tool list *and* the callable
+     * Whenever this list is non-empty it is active by default for **every**
+     * caller — hosted connectors, code/stdio clients, and the local CLI alike.
+     * The MCP server trims both the advertised tool list *and* the callable
      * surface to exactly these names (plus any builtin cross-app tools such as
      * `list_apps` / `open_app`). Any tool call for a name **not** in the list is
      * rejected — it is not merely hidden. This prevents the ~105-tool full
      * catalog from landing in every external agent's context window and removes
      * footguns (db-exec, seed-*, extension tools, browser-session tools, etc.)
-     * from multi-tenant hosted connectors.
+     * from connectors. It is no longer gated behind an environment variable, and
+     * the catalog is never inferred from the client name/user-agent.
      *
-     * Callers who need the full surface can opt up with
-     * `agent-native connect --full-catalog`, which embeds a `catalog_scope: "full"`
-     * claim in their connect-minted JWT. Local/dev deployments without
-     * `AGENT_NATIVE_CONNECTOR_CATALOG=1` are unaffected — they always see the
-     * full surface.
+     * `tool-search` stays available in the compact catalog so any trimmed tool is
+     * reachable on demand. Callers who need the full surface up front opt in
+     * explicitly with `agent-native connect --full-catalog` (embeds a
+     * `catalog_scope: "full"` claim in the connect-minted JWT) or the
+     * deployment-wide `AGENT_NATIVE_MCP_FULL_CATALOG=1` env override.
      *
      * Declare this in your template's `createAgentChatPlugin` options rather than
      * setting it on `MCPConfig` directly; the plugin copies it through.
@@ -235,8 +237,8 @@ export declare function verifyAuth(authHeader: string | undefined, ownerEmailHea
     /**
      * The caller explicitly opted up to the full connector catalog by minting
      * their token with `--full-catalog` (or equivalent). When `true`, the
-     * connector-catalog tier filter is bypassed even when
-     * `AGENT_NATIVE_CONNECTOR_CATALOG=1` is set. Derived from a
+     * compact/connector-catalog tier filter (active by default whenever a
+     * `connectorCatalog` is declared) is bypassed for this caller. Derived from a
      * `catalog_scope: "full"` claim in the verified A2A/connect JWT.
      */
     fullCatalog?: boolean;

package/dist/mcp/build-server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"build-server.d.ts","sourceRoot":"","sources":["../../src/mcp/build-server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAsChE,MAAM,WAAW,SAAS;IACxB,wCAAwC;IACxC,IAAI,EAAE,MAAM,CAAC;IACb,8EAA8E;IAC9E,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;;;;;;;OAOG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,sBAAsB;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,6EAA6E;IAC7E,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,oEAAoE;IACpE,KAAK,CAAC,EAAE,KAAK,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;QACZ,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;QACjB,KAAK,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC;KAC1B,CAAC,CAAC;IACH,uCAAuC;IACvC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,mDAAmD;IACnD,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IACrC;;;;;;;;;;;OAWG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAChD,qEAAqE;IACrE,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAChD;;;;;;OAMG;IACH,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B;;;;;;;;;;;;;;;;;;;;;OAqBG;IACH,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC7B;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;IAC9B,KAAK,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC3B,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;IAC9B,gEAAgE;IAChE,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,gEAAgE;IAChE,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;;kEAGkE;AAClE,MAAM,WAAW,cAAc;IAC7B,+DAA+D;IAC/D,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,iEAAiE;IACjE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,yEAAyE;IACzE,MAAM,CAAC,EAAE,SAAS,GAAG,SAAS,GAAG,UAAU,CAAC;IAC5C;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,uEAAuE;IACvE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,6EAA6E;IAC7E,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB;;;;;;;OAOG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAwbD;;;;GAIG;AACH,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,WAAW,EAClB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EACzB,MAAM,EAAE,GAAG,EACX,IAAI,EAAE,cAAc,GAAG,SAAS,GAC/B;IACD,KAAK,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IACvC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjC,CAyBA;AAyeD;;;;;;;GAOG;AACH,wBAAsB,yBAAyB,CAC7C,MAAM,EAAE,SAAS,EACjB,QAAQ,EAAE,iBAAiB,GAAG,SAAS,EACvC,WAAW,CAAC,EAAE,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAqd7B;AAOD,wBAAgB,eAAe,IAAI,MAAM,EAAE,CAc1C;AAyCD,wBAAgB,cAAc,CAC5B,UAAU,EAAE,MAAM,GAAG,SAAS,GAC7B,MAAM,GAAG,SAAS,CAIpB;AAwED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAsB,UAAU,CAC9B,UAAU,EAAE,MAAM,GAAG,SAAS,EAC9B,gBAAgB,CAAC,EAAE,MAAM,GAAG,SAAS,EACrC,OAAO,GAAE;IAAE,YAAY,CAAC,EAAE,OAAO,CAAC;IAAC,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;CAAO,GACxE,OAAO,CAAC;IACT,MAAM,EAAE,OAAO,CAAC;IAChB,QAAQ,CAAC,EAAE,iBAAiB,CAAC;IAC7B;;;;;;OAMG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB;;;;;;OAMG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB,CAAC,CAyID;AAED,wBAAsB,sBAAsB,CAC1C,SAAS,EAAE,MAAM,GAAG,SAAS,GAC5B,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAS7B"}
+{"version":3,"file":"build-server.d.ts","sourceRoot":"","sources":["../../src/mcp/build-server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAsChE,MAAM,WAAW,SAAS;IACxB,wCAAwC;IACxC,IAAI,EAAE,MAAM,CAAC;IACb,8EAA8E;IAC9E,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;;;;;;;OAOG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,sBAAsB;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,6EAA6E;IAC7E,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,oEAAoE;IACpE,KAAK,CAAC,EAAE,KAAK,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;QACZ,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;QACjB,KAAK,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC;KAC1B,CAAC,CAAC;IACH,uCAAuC;IACvC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,mDAAmD;IACnD,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IACrC;;;;;;;;;;;OAWG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAChD,qEAAqE;IACrE,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAChD;;;;;;OAMG;IACH,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACH,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC7B;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;IAC9B,KAAK,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC3B,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;IAC9B,gEAAgE;IAChE,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,gEAAgE;IAChE,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;;kEAGkE;AAClE,MAAM,WAAW,cAAc;IAC7B,+DAA+D;IAC/D,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,iEAAiE;IACjE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,yEAAyE;IACzE,MAAM,CAAC,EAAE,SAAS,GAAG,SAAS,GAAG,UAAU,CAAC;IAC5C;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,uEAAuE;IACvE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,6EAA6E;IAC7E,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB;;;;;;;OAOG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AA4YD;;;;GAIG;AACH,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,WAAW,EAClB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EACzB,MAAM,EAAE,GAAG,EACX,IAAI,EAAE,cAAc,GAAG,SAAS,GAC/B;IACD,KAAK,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IACvC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjC,CAyBA;AAyeD;;;;;;;GAOG;AACH,wBAAsB,yBAAyB,CAC7C,MAAM,EAAE,SAAS,EACjB,QAAQ,EAAE,iBAAiB,GAAG,SAAS,EACvC,WAAW,CAAC,EAAE,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IA0d7B;AAOD,wBAAgB,eAAe,IAAI,MAAM,EAAE,CAc1C;AAyCD,wBAAgB,cAAc,CAC5B,UAAU,EAAE,MAAM,GAAG,SAAS,GAC7B,MAAM,GAAG,SAAS,CAIpB;AAwED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAsB,UAAU,CAC9B,UAAU,EAAE,MAAM,GAAG,SAAS,EAC9B,gBAAgB,CAAC,EAAE,MAAM,GAAG,SAAS,EACrC,OAAO,GAAE;IAAE,YAAY,CAAC,EAAE,OAAO,CAAC;IAAC,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;CAAO,GACxE,OAAO,CAAC;IACT,MAAM,EAAE,OAAO,CAAC;IAChB,QAAQ,CAAC,EAAE,iBAAiB,CAAC;IAC7B;;;;;;OAMG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB;;;;;;OAMG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB,CAAC,CAyID;AAED,wBAAsB,sBAAsB,CAC1C,SAAS,EAAE,MAAM,GAAG,SAAS,GAC5B,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAS7B"}

package/dist/mcp/build-server.js

@@ -39,6 +39,10 @@ const COMPACT_MCP_APP_CATALOG_BUILTINS = new Set([
     "open_app",
     "ask_app",
     "create_embed_session",
+    // `tool-search` MUST stay in every compact/connector surface: it is how a
+    // compacted client discovers and loads any action on demand, which is what
+    // makes "small catalog by default" safe instead of limiting.
+    "tool-search",
 ]);
 function isActionAdvertisedInCompactMcpAppCatalog(name, entry, config) {
     if (COMPACT_MCP_APP_CATALOG_BUILTINS.has(name))
@@ -52,71 +56,38 @@ function isActionAdvertisedInCompactMcpAppCatalog(name, entry, config) {
     }
     return false;
 }
-const MCP_APP_OAUTH_CLIENT_RE = /\b(chatgpt|openai|claude|anthropic)\b/i;
-const NON_APP_OAUTH_CLIENT_RE = /\b(code|cli|cursor|codex|goose|postman|mcpjam|inspector)\b/i;
-const MCP_APP_OAUTH_REDIRECT_HOST_RE = /(^|\.)((chatgpt|openai)\.com|claude\.ai|anthropic\.com)$/i;
-const FULL_CATALOG_CLIENT_RE = /\b(agent-native-mcp-(proxy|stdio|standalone)|code|cli|cursor|codex|goose|postman|mcpjam|inspector)\b/i;
-async function isKnownMcpAppOAuthClient(identity) {
-    const clientId = identity?.oauthClientId?.trim();
-    if (!clientId)
-        return false;
-    function isKnownAppClientName(value) {
-        if (!value)
-            return false;
-        return (MCP_APP_OAUTH_CLIENT_RE.test(value) &&
-            !NON_APP_OAUTH_CLIENT_RE.test(value));
-    }
-    function isKnownNonAppClientName(value) {
-        return Boolean(value && NON_APP_OAUTH_CLIENT_RE.test(value));
-    }
-    function isKnownMcpAppRedirectUri(uri) {
-        try {
-            const url = new URL(uri);
-            return (url.protocol === "https:" &&
-                MCP_APP_OAUTH_REDIRECT_HOST_RE.test(url.hostname));
-        }
-        catch {
-            return false;
-        }
-    }
-    if (isKnownAppClientName(clientId))
-        return true;
-    if (isKnownNonAppClientName(clientId))
-        return false;
-    try {
-        const { getOAuthClient } = await import("./oauth-store.js");
-        const client = await getOAuthClient(clientId);
-        // If the token carries an OAuth client id but its registration is missing,
-        // keep the model on the compact MCP Apps surface instead of exposing every
-        // private action/schema.
-        if (!client)
-            return true;
-        if (isKnownAppClientName(client.clientName))
-            return true;
-        if (isKnownNonAppClientName(client.clientName))
-            return false;
-        if (client.redirectUris.some(isKnownMcpAppRedirectUri))
-            return true;
-        // Most OAuth hosts are UI-oriented MCP clients. Preserve the full catalog
-        // only for known code/CLI clients so unknown browser hosts cannot trigger
-        // massive resources/list payloads.
-        return true;
-    }
-    catch {
-        // On metadata lookup errors, fail compact instead of falling back to the
-        // full action surface; ChatGPT/Claude old tokens otherwise get huge lists.
-        return true;
-    }
-}
 function explicitlyRequestsFullMcpCatalog(requestMeta) {
+    // Full catalog is a deliberate, rare opt-in — NEVER a default, and NEVER
+    // inferred from the client name / user-agent. It is reached only by an
+    // explicit deployment env or a token minted with
+    // `agent-native connect --full-catalog` (which embeds `catalog_scope: "full"`,
+    // surfaced here as requestMeta.fullCatalog). Dumping ~105 tool schemas
+    // (100k+ tokens) into a context window just because a client called itself
+    // "code"/"cursor"/"codex" was a recurring footgun. Everything else gets the
+    // connector/compact catalog plus `tool-search`, which keeps every tool
+    // reachable on demand.
     if (process.env.AGENT_NATIVE_MCP_FULL_CATALOG === "1")
         return true;
-    if (requestMeta?.fullCatalog === true)
-        return true;
-    if (requestMeta?.clientHint) {
-        return FULL_CATALOG_CLIENT_RE.test(requestMeta.clientHint);
-    }
-    return FULL_CATALOG_CLIENT_RE.test(requestMeta?.clientName ?? "");
+    return requestMeta?.fullCatalog === true;
+}
+const warnedFullCatalogKeys = new Set();
+/**
+ * Loud, deduped warning emitted whenever the full MCP catalog is actually
+ * served. Full catalog is a deliberate, rare opt-in (env or a `--full-catalog`
+ * token claim); logging it makes an accidental ~100k-token tool dump visible
+ * instead of silent, so a regression can't quietly reintroduce the footgun.
+ */
+function warnFullCatalogServed(toolCount) {
+    const source = process.env.AGENT_NATIVE_MCP_FULL_CATALOG === "1"
+        ? "AGENT_NATIVE_MCP_FULL_CATALOG=1"
+        : "a token minted with --full-catalog (catalog_scope:full)";
+    const key = `${source}:${toolCount}`;
+    if (warnedFullCatalogKeys.has(key))
+        return;
+    warnedFullCatalogKeys.add(key);
+    console.warn(`[agent-native] Serving the FULL MCP tool catalog (${toolCount} tools) via ${source}. ` +
+        `This is a large context payload meant to be a rare, explicit opt-in — most ` +
+        `clients should use the default compact/connector catalog + tool-search instead.`);
 }
 /**
  * Returns true when the given action name is in the template's connector
@@ -132,18 +103,6 @@ function isActionInConnectorCatalog(name, config) {
         return false;
     return config.connectorCatalog.includes(name);
 }
-function shouldUseCompactMcpCatalogByDefault(identity, requestMeta) {
-    if (explicitlyRequestsFullMcpCatalog(requestMeta))
-        return false;
-    // OAuth callers are classified through `isKnownMcpAppOAuthClient`: unknown
-    // OAuth clients compact by default, while known code/CLI clients stay full.
-    if (identity?.oauthClientId)
-        return false;
-    // A real authenticated remote HTTP caller with no OAuth client metadata is
-    // usually a chat-host static-token connector. Keep it on the app-facing
-    // verbs so a host cannot dump every action schema into a giant tool card.
-    return requestMeta?.fullSurface === true;
-}
 function metadataObject(value) {
     return value && typeof value === "object" && !Array.isArray(value)
         ? value
@@ -844,25 +803,27 @@ export async function createMCPServerForRequest(config, identity, requestMeta) {
         : config.actions;
     const actions = mergeBuiltinTools(config, baseActions, requestMeta);
     const visibleActions = Object.fromEntries(Object.entries(actions).filter(([, entry]) => isActionVisibleForOAuthScope(entry, effectiveIdentity?.oauthScopes)));
-    const compactMcpAppCatalog = explicitlyRequestsFullMcpCatalog(requestMeta)
-        ? false
-        : (Array.isArray(effectiveIdentity?.oauthScopes) &&
-            hasMcpOAuthScope(effectiveIdentity.oauthScopes, "mcp:apps")) ||
-            (await isKnownMcpAppOAuthClient(effectiveIdentity)) ||
-            shouldUseCompactMcpCatalogByDefault(effectiveIdentity, requestMeta);
+    const fullCatalogRequested = explicitlyRequestsFullMcpCatalog(requestMeta);
+    // Compact/connector is the DEFAULT for every caller — hosted connectors,
+    // code clients (Claude Code / Cursor / Codex), and the local CLI alike. The
+    // full ~105-tool catalog is served only on the explicit opt-in above, so a
+    // host can never dump every action schema into one giant tool card. The
+    // `mcp:apps` scope still lands on this compact MCP-Apps surface; with no
+    // opt-in, everyone else does too.
+    const compactMcpAppCatalog = !fullCatalogRequested;
     const advertisedActionsBeforeConnector = compactMcpAppCatalog
         ? Object.fromEntries(Object.entries(visibleActions).filter(([name, entry]) => isActionAdvertisedInCompactMcpAppCatalog(name, entry, config)))
         : visibleActions;
-    // Connector-catalog tier: on hosted multi-tenant deployments (signalled by
-    // AGENT_NATIVE_CONNECTOR_CATALOG=1) restrict external callers to the
-    // template-declared allow-list unless the token was minted with
-    // --full-catalog (catalog_scope: "full"). This prevents the ~105-tool full
-    // catalog from bloating every external agent's context window and removes
-    // db-exec / seed-* / extension / browser-session footguns.
-    const connectorCatalogActive = process.env.AGENT_NATIVE_CONNECTOR_CATALOG === "1" &&
-        Array.isArray(config.connectorCatalog) &&
+    // Connector-catalog tier: when a template declares a connector allow-list,
+    // serve exactly that curated surface (+ cross-app builtins + tool-search) to
+    // external callers unless they explicitly opted into the full catalog. This
+    // is active by default whenever a catalog is declared — no env flag required —
+    // so the ~105-tool full catalog can never leak just because a deployment
+    // forgot to set one. It also keeps db-exec / seed-* / extension /
+    // browser-session footguns off the external surface.
+    const connectorCatalogActive = Array.isArray(config.connectorCatalog) &&
         config.connectorCatalog.length > 0 &&
-        !explicitlyRequestsFullMcpCatalog(requestMeta);
+        !fullCatalogRequested;
     // When the connector catalog is active, filter directly from visibleActions
     // rather than advertisedActionsBeforeConnector. This ensures the connector
     // tier is an independent, template-declared surface that doesn't accidentally
@@ -871,6 +832,9 @@ export async function createMCPServerForRequest(config, identity, requestMeta) {
     const advertisedActions = connectorCatalogActive
         ? Object.fromEntries(Object.entries(visibleActions).filter(([name]) => isActionInConnectorCatalog(name, config)))
         : advertisedActionsBeforeConnector;
+    if (fullCatalogRequested) {
+        warnFullCatalogServed(Object.keys(advertisedActions).length);
+    }
     const supportsMcpApps = compactMcpAppCatalog ||
         Object.values(advertisedActions).some((entry) => Boolean(entry.mcpApp?.resource));
     const server = new Server(mcpServerInfo(config, requestMeta), {